JDK-8333892

MemorySegment::reinterpret removes read-only property


    • CSR
    • Resolution: Approved
    • P3
    • 23, 24
    • core-libs
    • None
    • behavioral
    • low
    • Clients that relied on implicit conversion from read-only segments to writable segments via `reinterpret` will now see read-only segments being returned.

      It is still possible to turn a read-only segment into a writable segment via the `MemorySegment::ofAddress` method. This could be used as an escape hatch for clients previously relying on the faulty behavior of `reinterpret`.
    • SE

      Summary

      The MemorySegment::reinterpret overloads shall retain the read-only state from the original segment. Currently, this is not the case.

      Problem

      It is possible to "crack open" a read-only segment by reinterpretation. This was not intended by the API designers and is a flaw.

      Solution

      Retain the read-only state for reinterpreted segments.
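
A small check for the behavior described under Problem and Solution, as an added example that is not part of the CSR or the JDK sources: it calls each `reinterpret` overload on a read-only segment and reports whether the result is still read-only. The class name and helper methods are hypothetical, and it assumes a JDK 22 or later runtime.

```java
import java.lang.foreign.Arena;
import java.lang.foreign.MemorySegment;
import java.lang.foreign.ValueLayout;

// Added example (hypothetical class and helper names). Run with:
//   java --enable-native-access=ALL-UNNAMED ReinterpretReadOnlyCheck.java
public class ReinterpretReadOnlyCheck {

    // True if the runtime rejects a one-byte write through the segment.
    static boolean writeRejected(MemorySegment s) {
        try {
            s.set(ValueLayout.JAVA_BYTE, 0, (byte) 1);
            return false;
        } catch (RuntimeException e) { // no specific exception type assumed
            return true;
        }
    }

    // Prints the state of one segment and returns whether it is read-only.
    static boolean report(String label, MemorySegment s) {
        System.out.printf("%-38s isReadOnly=%b writeRejected=%b%n",
                label, s.isReadOnly(), writeRejected(s));
        return s.isReadOnly();
    }

    public static void main(String[] args) {
        boolean retained = true;
        try (Arena arena = Arena.ofConfined()) {
            // Constructed input: 16 bytes of arena memory behind a read-only view.
            MemorySegment ro = arena.allocate(16).asReadOnly();
            report("original (asReadOnly)", ro);
            // The three restricted overloads covered by the specification change.
            // Sizes stay within the 16 allocated bytes; a null cleanup is permitted.
            retained &= report("reinterpret(newSize)", ro.reinterpret(8));
            retained &= report("reinterpret(arena, cleanup)", ro.reinterpret(arena, null));
            retained &= report("reinterpret(newSize, arena, cleanup)",
                    ro.reinterpret(8, arena, null));
        }
        // Non-zero exit status lets a build or CI step flag a runtime without the fix.
        System.exit(retained ? 0 : 1);
    }
}
```

On a runtime that includes this change, every line should report `isReadOnly=true` and the process exits with status 0.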

      Specification

      diff --git a/src/java.base/share/classes/java/lang/foreign/MemorySegment.java b/src/java.base/share/classes/java/lang/foreign/MemorySegment.java
      index 6c75c0385fa78..0318310e09f69 100644
      --- a/src/java.base/share/classes/java/lang/foreign/MemorySegment.java
      +++ b/src/java.base/share/classes/java/lang/foreign/MemorySegment.java
      @@ -706,6 +718,10 @@ public sealed interface MemorySegment permits AbstractMemorySegmentImpl {
           /**
            * Returns a new memory segment that has the same address and scope as this segment,
            * but with the provided size.
      +     * 

      + * If this segment is {@linkplain MemorySegment#isReadOnly() read-only}, + * the returned segment is also {@linkplain MemorySegment#isReadOnly() read-only}. + * * * @param newSize the size of the returned segment * @return a new memory segment that has the same address and scope as @@ -741,6 +757,9 @@ public sealed interface MemorySegment permits AbstractMemorySegmentImpl { * That is, the cleanup action receives a segment that is associated with the global * scope, and is accessible from any thread. The size of the segment accepted by the * cleanup action is {@link #byteSize()}. + *

      + * If this segment is {@linkplain MemorySegment#isReadOnly() read-only}, + * the returned segment is also {@linkplain MemorySegment#isReadOnly() read-only}. * * @apiNote The cleanup action (if present) should take care not to leak the received * segment to external clients that might access the segment after its @@ -786,6 +805,9 @@ public sealed interface MemorySegment permits AbstractMemorySegmentImpl { * That is, the cleanup action receives a segment that is associated with the global * scope, and is accessible from any thread. The size of the segment accepted by the * cleanup action is {@code newSize}. + *

      + * If this segment is {@linkplain MemorySegment#isReadOnly() read-only}, + * the returned segment is also {@linkplain MemorySegment#isReadOnly() read-only}. * * @apiNote The cleanup action (if present) should take care not to leak the received * segment to external clients that might access the segment after its
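
Review bot: In the two cleanup-taking overloads (the hunks at @@ -741 and @@ -786), the added sentence covers only the returned segment, while the paragraph directly above it describes the segment handed to the cleanup action and nothing states whether that segment is read-only as well. Since the @apiNote already warns about leaking the received segment, state its read-only status next to "The size of the segment accepted by the cleanup action is ...". As a style point, all three hunks link {@linkplain MemorySegment#isReadOnly() read-only} twice in one sentence; linking the first occurrence is enough.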

            pminborg Per-Ake Minborg
            jvernee Jorn Vernee
            Jorn Vernee